[CentOS] SELinux - way of the future or good idea but !!!

Tue Nov 30 21:34:07 UTC 2010
m.roth at 5-cent.us <m.roth at 5-cent.us>

Lamar Owen wrote:
> On Tuesday, November 30, 2010 03:31:44 pm m.roth at 5-cent.us wrote:
>> Lamar Owen wrote:
>> > CA should know better, and if they are targeting RHEL commercially
>> > they should be supporting the default RHEL configuration.
>
>> Right. So, hey, do you have the rights to call CA and lean on them?
>
> Nope, sorry.  Can't help you there.
>
So, that's out.

>> And I notice that you don't address the other point, all the in-house
>> apps,
>
> In house apps must be addressed in-house; I'll address mine (and expose a
> smaller risk by integrating SELinux), and you or your company can address
> yours.  I thought that was obvious enough to not require reply, as dealing
> with in house developers always invokes some degree of politics.

With the developers? Ah, nope, that's *heavy* duty politics with upper
management to get them to spend the money (and how does this contribute to
this quarter's ROI?!?!?!)
>
>> and if you think management will say "sure, spend whatever it takes
>> to rewrite that so it conforms to selinux...", you're living in
>> somewhere I don't. And just about everywhere I've worked, both as a
>> developer and as a sysadmin had a *lot* of in-house apps.
>
> We have a few; none required a rewrite; you're getting a bit melodramatic,
> there, as there isn't going to be any application that is going to require
> a complete 100% rewrite to work with SELinux.

I regret to inform you there's no melodrama here. And when the codebase
might be, oh, 50k, or 100k, or 250k lines, and there's all the
enhancements that management (or management of other departments) want,
and fixing bugs, modifying for selinux is a major budget item.
<snip>
         mark